aboutsummaryrefslogtreecommitdiff
path: root/src/main/java/org/traccar/api
diff options
context:
space:
mode:
Diffstat (limited to 'src/main/java/org/traccar/api')
-rw-r--r--src/main/java/org/traccar/api/resource/ReportResource.java4
-rw-r--r--src/main/java/org/traccar/api/security/PermissionsService.java4
2 files changed, 4 insertions, 4 deletions
diff --git a/src/main/java/org/traccar/api/resource/ReportResource.java b/src/main/java/org/traccar/api/resource/ReportResource.java
index 06ccbe4fd..a7bbe1067 100644
--- a/src/main/java/org/traccar/api/resource/ReportResource.java
+++ b/src/main/java/org/traccar/api/resource/ReportResource.java
@@ -127,7 +127,7 @@ public class ReportResource extends BaseResource {
@QueryParam("from") Date from, @QueryParam("to") Date to) throws StorageException {
permissionsService.checkRestriction(getUserId(), UserRestrictions::getDisableReports);
LogAction.logReport(getUserId(), "events", from, to, deviceIds, groupIds);
- return Events.getObjects(getUserId(), deviceIds, groupIds, types, from, to);
+ return Events.getObjects(storage, getUserId(), deviceIds, groupIds, types, from, to);
}
@Path("events")
@@ -141,7 +141,7 @@ public class ReportResource extends BaseResource {
permissionsService.checkRestriction(getUserId(), UserRestrictions::getDisableReports);
return executeReport(getUserId(), mail, stream -> {
LogAction.logReport(getUserId(), "events", from, to, deviceIds, groupIds);
- Events.getExcel(stream, getUserId(), deviceIds, groupIds, types, from, to);
+ Events.getExcel(stream, storage, getUserId(), deviceIds, groupIds, types, from, to);
});
}
diff --git a/src/main/java/org/traccar/api/security/PermissionsService.java b/src/main/java/org/traccar/api/security/PermissionsService.java
index b4a375109..12a2189e9 100644
--- a/src/main/java/org/traccar/api/security/PermissionsService.java
+++ b/src/main/java/org/traccar/api/security/PermissionsService.java
@@ -138,13 +138,13 @@ public class PermissionsService {
public <T extends BaseModel> void checkPermission(
Class<T> clazz, long userId, long objectId) throws StorageException, SecurityException {
if (!getUser(userId).getAdministrator() && !(clazz.equals(User.class) && userId == objectId)) {
- var objects = storage.getObjects(clazz, new Request(
+ var object = storage.getObject(clazz, new Request(
new Columns.Include("id"),
new Condition.And(
new Condition.Equals("id", "id", objectId),
new Condition.Permission(
User.class, userId, clazz.equals(User.class) ? ManagedUser.class : clazz))));
- if (!objects.isEmpty()) {
+ if (object == null) {
throw new SecurityException(clazz.getSimpleName() + " access denied");
}
}
generated by cgit v1.2.3 (git 2.39.1) at 2024-07-21 15:29:44 +0000